If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

hard drive serial number

I have a commercial software package for small business that I have been selling for a long time. Its kind of like a POS but does a lot more.

I have been using different ways of software security to avoid piracy including dongle hardware lock, third party software licensing etc. Most of these require a new compile of the product on my part for every new client.

I have come up with a way to do it within the software without having to buy a third party product which only adds on my nightmares of post-sales support. I want your openion on this:

When the product is launched, it checks for hard drive serial number and stores in the memory. It then checks for a particular place in the registry for an encrypted text. If it finds it, it decrypts it, parses out the multiple keys from the string and the remaining is hard drive serial number. Then it compares the hard drive serial number found in the decrypted text with the serial number of the hard drive it earlier retrieved. If the encrypted text in the registry was not found at all or the hard drive serial numbers didn't match, it tells the user that the software is not registered. It also displays the hard drive serial number to the user telling him to call or email my company to let me know the number.

Most of the time I am the one putting together the hardware and software for my customer so the user won't see this dialog in most cases. But I wanna be able to allow downloading the product over the web etc so I do want to be able to register the product remotely.

I have created a tool to generate a registry file. The tool uses the serial number and a combination of keys to create a encrypted string to be stored in a registry location. The registry file would then be sent to the buying/paying customer.

I didn't mean to bore you guys with the whole story here but what I want to know is that is is possible to change the serial number of a hard drive?

If you use ghost software or something similar to create ghost images and then deploy them back to a new hard drive, does the serail number of the source hard drive get copied too?

Also, let me know of what you think about it and if you have a better idea or point out and disadvantages that I am not seeing?

I know that this idea will not work with SCSI hard drives but I am not concerend about that.

The hardware/device serial number is pretty secure. This is the number you'll get if you are using (say) the low level (ATA) command Identify Drive to retrieve the serial number. The disk/volume serial number is not secure at all. It can be changed/altered any number of ways, even by simply formatting. This is the number you get if you use something like the windows api GetVolumeInformation call to retrieve the serial number (here the serial number is in the format XXXX-XXXX).

Please remember to post back whether your problem is resolved or
not, so that others may gain from the knowledge.

I'm of the opinion that any change you make in this regard is actually changing a value that's in memory (perhaps mirrored in the registry or other config files of some sort), NOT the actual HD serial number embedded in the hardware. If this premise is correct, then a reboot would always reset this number to the actual HD serial number, thereby losing your change. But I've been wrong 3 times this year, so maybe this is the fourth?!!

I sent a PM to DrMDJ. Am sure he can explain where the number is etc...

Like I mentioned, my old company used the same number. We caught one company trying to beat our registration process by changing the serial number on a few machines. And the super geeks in the back room had to make us a a little to change the number on cloned drives.

Sorry for not checking back here sooner. I only rarely pop over to the 2k forum. Anway, got Steve's PM and...

Steve already explained about the fact that the number you are getting back when issuing the GetVolumeInformation API is the decimal eqivalent of the number you see doing something like the Dir command (ie. a hex number in the form xxxx-xxxx). This all is what I was talking about in my first post, that the GetVolumeInformation does not return the real "hardware" serial number. To get that number you need to issue something like the low level ATA command Identify Drive.

The number that GetVolumeInformation returns is for a partition. This number can be set and reset in a variety of ways. Like I said before, just formatting a drive changes the number. With a format the number gets set/assigned randomly. You can also force the number to a specific one programmatically. An example of a utility out there that does just this is VolumeID from www.sysinternals.com.

I kinda figured you weren't relying on the hardware serial number, but wasn't sure. Anyway, using the number returned by GetVolumeInformation is not really a reliable means of providing security in your software.

Last edited by DrMDJ; November 19th, 2002 at 10:59 PM.

Please remember to post back whether your problem is resolved or
not, so that others may gain from the knowledge.